This site, like many others, uses small files called cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on this website (Cookie Policy). However, if you would like to, you can change your cookie settings at any time.

Don't be caught with your pants down

The recent attacks on the World Trade Centre in New York were without precedent and unforeseen. They illustrate the vulnerability of commercial property in the face of a premeditated attack.

In rec ...

The recent attacks on the World Trade Centre in New York were without precedent and unforeseen. They illustrate the vulnerability of commercial property in the face of a premeditated attack.

In recent years, the UK has witnessed terrorist action. In 1996, a bomb exploded in London's Docklands and many companies without a business continuity plan were forced to close down.

However, companies can be prepared for events like this and things can be put into place to tackle disasters that may result in loss of life, material damage, loss of working time and destruction of critical business data.

Business continuity planning is the process of assessing risk and identifying the areas of exposure before something goes wrong and putting forward practical recommendations to reduce the exposure or its effects. What should accompany this is a disaster recovery plan, detailing precisely what should be done in the event of a disaster to ensure minimal disruption to the business, its staff and cash flow.

Being aware of risk is the essential ingredient with which to approach business continuity. A business impact analysis can help to pinpoint the greatest threats to an organisation. This is used to establish how long an interruption to business can be tolerated before the effects become inconvenient, serious or critical.

Businesses need to be clear about the value of what any given loss would mean to them. A value needs to be attributed to each risk and then a ranking of the likelihood of each risk occurring. Consequently, companies will know which risks they should be better prepared for and where they should be targeting their investment in measures to protect against terrorism.

A particular issue is time. How long will it take for a company to get going again after an incident? The longer it takes, the greater the risk a company's competitors will fill the void.

Preventing an attackIn practical terms, what can a company do to prevent a terrorist attack? Employees are valuable as an organisation's eyes and ears, reporting any suspicious activity, being vigilant about unattended packages and challenging unidentified strangers entering a building. Telephonists should be taught how to handle bomb threat warnings, taking details and any code words.

The area outside a building and reception areas require attention to maintain security. Bushes and shrubbery should be kept under control, as they offer prime areas for devices to be hidden. Maintenance hatches leading into buildings need to be locked when not in use and furniture in reception is best kept minimal and open in design.

In terms of construction, a glass-fronted building can be protected to some extent with shatter-resistant film. Blast curtains and shutters provide an extra level of protection.

Access to a building can be controlled in different ways, such as swipe cards, digital keypads and iris, fingerprint or voice recognition entry authorisation. Manned entrances and turnstiles also add to security. However, the integrity of these measures is only as good as their management.

Managing the influx of visitors is another obvious, but often neglected, area of protection. Use of signing-in books and visitor badges should be strictly adhered to and visitors should be restricted to appointments only, with staff accompanying them at all times.

Get out the guardsSecurity guards at reception and conducting patrols around buildings and car parks - complete with two-way communication - are an effective option as both a deterrent and investigative resource. By law, anyone entering a company's premises can be searched and, if necessary, entrance refused.

CCTV provides 24-hour security, covering vital areas. More advanced options offer infra-red lighting and video recording. Both security guards and CCTV can be a shared investment in an area where safety measures would benefit several companies located close to each other.

Basic elements, such as alarms, internal and external lighting and high-quality window locks, especially at ground floor level, provide an effective front line of preventative security.

Once inside the offices of a company, there are measures to help minimise loss in the event of an attack.

A clear desk policy encourages staff not to leave any important items where they may be damaged in the event of a disaster. Shielding computers with protective covers at the end of the day means equipment has more chance of being salvaged following an incident.

Electronic data should be backed up regularly, both on-site and, if possible, at a secure location off-site. The importance of this cannot be emphasised enough.

Brief your staffIn the event of a disaster, comprehensive advanced planning can be a saviour and staff should be fully briefed on what to do. In a worse-case scenario, recommencing operations might involve staff casualties, contacting families of injured or missing staff, lack of access to a building, handling media interest, managing disruption to work in progress and recovering from damage to essential equipment and materials. Looting, loss of communications facilities and loss of power, leading to a potential corruption of data, can all affect a firm's processes and delay a return to normal operations.

The preparation of a disaster recovery plan, including formalised procedures, will assist an organisation to establish short-term recovery arrangements for a minimum service level and enable normal working to be resumed as soon as possible. A business must take ownership of such a plan at the highest level, test it regularly and revise it to take account of any internal changes.

Topics

Related articles

GWP: £3.9bn Management Group chief executive Stephen Hester’s future at RSA is now in question after rival insurer Zurich’s £5.6bn bid to buy RSA collapsed. Zurich blamed problems in its own business, rather than anything untoward it found in RSA’s, for its withdrawal from the deal. But ...

GWP: £3.3bn Management Current ABI chairman Paul Evans continues to run the AXA UK group, which comprises AXA’s non-life, life and health business. From 1 January 2016, the UK general insurance business will be run entirely by Amanda Blanc after she takes over the only remaining ...

GWP: £3.1bn Management The top team of chief executive Paul Geddes and chief financial officer John Reizenstein continue to lead the UK’s biggest personal lines insurer. If the company’s performance on the stock market since its 2012 flotation is anything to go by, the pair and their ...